Open
Conversation
Member
Author
|
Currently there's an issue with Tsumugi model. Other models load fine. Before merging, we should check if the issue persists with other models. |
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Fix: Fix name collision * Fix: Fix possible override * Fix: Use reentrant providing time function * Fix: Fix override * Update AssbinFileWriter.cpp Revert, not portable. * Update AssxmlFileWriter.cpp Revert asctime_r, not portable.
* Add test for 3x3 matrices and 4x4 matrix access
) * Fixing building errors from job https://github.com/assimp/assimp/actions/runs/12403918024/job/34628244451?pr=5928 * Adding some asserts for future mantainability, although a bit paranoic maybe --------- Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Previously tangents were not being exported. If they are present, they should also be properly exported. Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
The docs talked about the importer, but no importer exists in the context of calling this function. It seems like the docs may have been accidentally copied from somewhere else. I copied the docs from another import function within the same file. This seems reasonable because the implementations of both functions suggest they work the same way: the function creates the importer and sets it into the scene private data so that the later release call can release the importer. Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
- Introduce VRML format (.wrl and .x3dv) 3D model support - Add samples --------- Co-authored-by: Steve M <praktique-tellypresence@yahoo.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
While one of the throws in the function did indeed close the open stream, several didn't. Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kim.kulling@draeger.com>
* Refactorings: Code cleanups * More cosmetic changes --------- Co-authored-by: Kim Kulling <kim.kulling@draeger.com>
Co-authored-by: Dwayne Coussement <dwayne.coussement@showpad.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Fix texture mapping --------- Co-authored-by: Steve M <praktique-tellypresence@yahoo.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* [FBX] Allow export multi materials per node Previously it was assumed that each node would export a single material. This removes that assumption, and also allows for exporting multiple meshes with a single node. Previously they would each be seprated into their own node. * Support for animations with multiple meshes too --------- Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Fix unknown pragma error on msys2 mingw * Fix missing assignment operator on msys2 mingw Default is omitted by compiler because custom copy constructor * Fix redefinition of _1 and _2 error on msys2 mingw fix is converting it to lambda as clang is claiming that is preferred * Fix strncpy warnings about truncation * Fix missing assignment operator error on clang * Update glTFImporter.cpp * Update glTF2Importer.cpp --------- Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Prefix MTL textures with the MTL directory path. Path to textures defined in MTL files are relative to the MTL file rather than to the OBJ, so we need to prefix them with the MTL file directory path. * Adding test issue 2355 * Trying to fix for Windows when file has Linux path --------- Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* added gltf extension KHR_materials_anisotropy * Update glTF2Importer.cpp --------- Co-authored-by: lutz.hoeren <lutz.hoeren@redplant.de> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* LWO: Fix heap buffer overflow in LWOImporter::GetS0 * Add strict buffer boundary checks to prevent out-of-bounds reads on malformed or unterminated strings. Fixes #6169 (CVE-2025-5167)
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Add developer quickstart section to Readme -Added a quickstart guide for developers to clone and build the project. - closes #6469 * Change headings from H3 to H2 in Readme.md
…6470) The mColors[0] array was allocated with m_numColors elements but indexed up to mNumVertices (= numFaces * 3), causing an out-of-bounds write when the color count is less than the vertex count. Allocate mColors[0] with mNumVertices (matching mNormals and mTextureCoords), and add a bounds check on idx before reading from the source color array. Fixes #6468 Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
…lation (#6473) * glTF2: Fix heap-buffer-overflow in Accessor validation and size calculation This patch fixes a heap-buffer-overflow in `glTF2::Accessor::ExtractData` caused by incorrect bounds validation and available size reporting. The vulnerability stemmed from two issues in `glTF2Asset.inl`: 1. **Underestimated validation in `Accessor::Read`**: The logic used `GetBytesPerComponent() * count` to validate the required buffer size. This failed to account for the actual `stride`, allowing accessors to pass validation even if their total footprint (including stride) exceeded the buffer view. 2. **Incorrect size reporting in `Accessor::GetMaxByteSize`**: The function returned the total `bufferView->byteLength` while ignoring the `byteOffset`. Since the accessor data starts at `byteOffset`, the actual available space is `byteLength - byteOffset`. This led `ExtractData` to permit reads that extended beyond the end of the allocated buffer. Changes: * Modified `Accessor::Read` to use `GetStride() * count` for length validation. * Updated `Accessor::GetMaxByteSize` to correctly return `bufferView->byteLength - byteOffset` for standard accessors and `sparse->data.size()` for sparse accessors. Co-authored-by: CodeMender <codemender-patching@google.com> Fixes: https://issues.oss-fuzz.com/issues/483102963 * address comment --------- Co-authored-by: CodeMender <codemender-patching@google.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
The FBX exporter was unconditionally dereferencing a map iterator (`tp_elem`) even when the key was not found (i.e., `tp_elem == tpath_by_image.end()`). This resulted in a stack-use-after-scope error when accessing `tp_elem->second` to populate "FileName" and "RelativeFilename" nodes, as dereferencing the end iterator of the map accessed invalid stack memory (the map's sentinel). The code already correctly initialized a local `tfile_path` variable based on whether the iterator was valid. This patch updates the `AddChild` calls to use `tfile_path` instead of dereferencing the potentially invalid iterator. Fixes: https://issues.oss-fuzz.com/issues/465494996 Co-authored-by: CodeMender <codemender-patching@google.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
The `ObjFileParser::getFace` method failed to recognize the vertical tab character (`\v`, 0x0b) as a separator. While the `IsSpaceOrNewLine` utility handles most whitespace (space, tab, CR, LF, FF), it excludes `\v`. When encountering a vertical tab, the parser fell through to an `else` block that calls `::atoi(&(*m_DataIt))`. Because `atoi` treats `\v` as whitespace per the C standard, it skips the character and continues reading. If `\v` is located at the end of the buffer (e.g., followed by a newline at the buffer boundary), `atoi` can read past the allocated memory, triggering a heap-buffer-overflow. This fix explicitly checks for `\v` and treats it as a separator, resetting the position counter and preventing the invalid `atoi` call. Verified with AddressSanitizer and confirmed that all 584 existing unit tests pass. Fixes: https://issues.oss-fuzz.com/issues/476180586 Signed-off-by: Bill Wendling <morbo@google.com> Co-authored-by: Meder Kydyraliev <meder@google.com> Co-authored-by: CodeMender <codemender-patching@google.com>
In `HL1MDLLoader::read_animations`, the arrays for `scene_->mAnimations` and `scene_animation->mChannels` were allocated using `new T*[count]`. This performs default initialization, which leaves the pointer elements with indeterminate (garbage) values. If an exception (such as a `DeadlyImportError` from malformed input) is thrown during the loop populating these arrays, the `aiScene` or `aiAnimation` destructors are invoked during stack unwinding. These destructors iterate through the allocated arrays and call `delete` on each element. Because the arrays contained garbage values for indices not yet reached by the loader, the destructor attempted to delete invalid memory addresses, leading to a segmentation fault. This patch changes the allocations to use value-initialization (`new T*[count]()`), ensuring all pointers are initialized to `nullptr`. Since `delete nullptr` is a safe no-op, the destructors can now safely clean up partially initialized objects during an exception. Fixes: https://issues.oss-fuzz.com/issues/483188619 Co-authored-by: CodeMender <codemender-patching@google.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
…6541) Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Update supported version in SECURITY.md - Preparation for bugfix release v6.0.5 * Update CMakeLists.txt * Update aiGetVersionPatch test to expect version 5
…imation keys (#6543) fix(gltf2): preserve interpolation type and CubicSpline tangents The glTF2 importer previously ignored the mInterpolation field and discarded CubicSpline tangent data, leading to incorrect animation playback. - Implement MapInterpolation() to map glTF2 interpolation types to Assimp. - Set mInterpolation for all aiVectorKey and aiQuatKey instances. - For CUBICSPLINE samplers, store [in-tangent, value, out-tangent] triplets (N x 3 keys) instead of discarding tangents. - Fixes rendering consistency for InterpolationTest.glb where STEP, LINEAR, and CUBICSPLINE rows previously rendered identically. Affected channels: mPositionKeys, mRotationKeys, mScalingKeys. Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Added a comprehensive AI Tool Use Policy outlining guidelines for contributors on using AI tools, ensuring human oversight and accountability in contributions. - closes #6538
* Refactor material system * Fix sonarqube finding
The `GetVertexColorsForType` function previously used `input->count` (the total number of elements in the accessor) to allocate the output array and bound the conversion loop. However, when a `vertexRemappingTable` is provided, `ExtractData` extracts a subset of elements matching the size of the remapping table rather than the full accessor count. In cases where the remapping table was smaller than the accessor count (including empty tables), the subsequent loop would perform out-of-bounds reads on the `colors` buffer allocated by `ExtractData`. This fix captures the actual number of elements extracted by `ExtractData` and uses this value for the output allocation and loop iteration, ensuring memory safety when vertex remapping is active. Verified with ASan and existing unit tests.
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* initial commit * remove unused function
Fixes bug introduced in d1b73df, where min was always set to DBL_MIN Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Fix conditional check in SkipSpaces function to prevent out-of-bound access. The `SkipSpaces` function's condition was updated to ensure that the pointer check `in != end` is evaluated before dereferencing the pointer. This change prevents potential out-of-bound access when the input pointer reaches the end. * Avoid input is wrong * Fix all in != end * Fix some minor bugs * Change size to capacity * Obj: Fix unittest
* Add inline to ai_epsilon to avoid ODR violations --------- Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
When compiling with -march=znver4 (or any arch with FMA), GCC's default -ffp-contract=fast contracts a*b+c into FMA opportunistically. The same inline math function compiled in the shared library and in the test binary can get different FMA contraction decisions due to different optimization contexts, producing bit-different FP results. Three API tests compare C++ direct calls (inlined into test TU) against C API wrapper calls (through libassimp.so) using EXPECT_EQ (bit-exact), which fails when the compiler contracts differently across TUs. Verified via disassembly: the library uses vfnmadd FMA instructions (3 roundings) while the test binary uses separate vmulss+vsubss (6 roundings) for the same computation. Replace EXPECT_EQ with Equal(epsilon) for the three affected tests: - aiMatrix3FromToTest: use machine epsilon (~1.19e-7) - aiMatrix4FromToTest: use machine epsilon (~1.19e-7) - aiQuaternionFromNormalizedQuaternionTest: use 1e-4 because FMA differences in 1.0-x*x-y*y-z*z can flip a near-zero residual's sign, causing w=0 vs w=sqrt(tiny)≈1e-4 Fixes #6246 Co-authored-by: Chris de Claverie <declaverie@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Add files for assimp rust wrapper * Fix bindgen usage. * Add missing includes for the rust bindings. * Apply suggestion from @coderabbitai[bot] Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update build.rs * Fix formatting in Cargo.toml * Remove generated file --------- Co-authored-by: Kim Kulling <kullingk@LDED5178.corp.draeger.global> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…uildMeshesForNode` (#6575) The root cause was an unchecked access to the `newMats` vector using `matIdx`. When a material name (`meshMaterial`) is not found in `mMaterialIndexByName`, `matIdx` defaults to 0. If `newMats` is empty (which happens if the material library is empty or failed to load), accessing `newMats[0]` results in a container-overflow. The fix involves adding a bounds check `matIdx < newMats.size()` to the condition guarding the access to `newMats`. Additionally, based on maintainer feedback, I added a warning log `ASSIMP_LOG_WARN` when the index is out of bounds, to inform the user about the missing material definition or broken reference. I verified the fix using the provided reproduction command. The container-overflow is no longer triggered. I also built and ran the unit tests. Since `bin/unit` was missing, I manually built the unit tests using `cmake.real` and `ninja` in `/src/assimp/build_tests` with `ASSIMP_BUILD_TESTS=ON`, `ASSIMP_BUILD_ZLIB=ON`, and `ASSIMP_WARNINGS_AS_ERRORS=OFF` (to bypass a gtest compilation warning), and updated `run_tests.sh` to point to the built binary. All 584 tests passed. Fixes: https://issues.oss-fuzz.com/issues/483102958 Signed-off-by: Bill Wendling <morbo@google.com> Co-authored-by: CodeMender <codemender-patching@google.com> Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Fixed CanRead function for FBXImporter, which is important when reading from memory * Update FBXImporter.cpp --------- Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Chores
✏️ Tip: You can customize this high-level summary in your review settings.